Platinum sponsors

TYPO3 4.6 Release Notes

This release of TYPO3 paves the way for a cleaner CMS, based on stable and proven technologies. TYPO3 4.6 --rebase contains tons of stability, performance and, of course, security improvements. As always, backward compatibility has remained an important requirement but for the first time, long-announced deprecated code has been removed, laying a fresh road for future enhancements. You will find the most important additions for our favorite CMS below.

For a detailed, technical explanation of what has changed, new settings, and descriptions of new APIs please refer to the Technical Release Notes.

Reworked localization mechanism

XLIFF is the new localization format natively used by TYPO3 4.6. It replaces the ll-XML file format TYPO3 was using through TYPO3 4.5 LTS. Although both formats are based on XML, XLIFF is an official localization format standardized by OASIS (the Organization for the Advancement of Structured Information Standards) in 2002.

Localizing TYPO3 is now easier than ever, thanks to Pootle, our new Translation Server available at translation.typo3.org. Pootle lets anyone contribute to translating TYPO3 by suggesting better texts.

In addition to a clean and easy-to-use interface, Pootle comes with advanced services such as built-in quality checks and translation memories, which helps unify the way common terms such as “Backend” or “Extension” should be translated in the many supported languages.

Finally, the Translation Server takes care of preparing ll-XML compatibility files from the native XLIFF localization files to ensure support for older versions of TYPO3.

Hierarchy of locales

TYPO3 4.6 comes with a clever fallback mechanism when a label is not found in the requested language; instead of returning the default (English) version, it allows you to define your own hierarchy of locales.

By default, French (Canada) will first use French before falling back to English. Similarly, missing labels in Brazilian Portuguese will first try to return Portuguese labels before the English ones.

This feature also accommodates completely custom fallbacks, such a swiss multilingual governmental website configured to have French, followed by German and only using English as a final option.

Form

The new Form content element makes it easy to generate forms for your websites. It provides a Form wizard based on ExtJS to allow editors to construct forms very efficiently with intuitive drag & drop functionality and sorting methods to add and replace form elements. While working in the wizard, the editor sees the form exactly as it will be displayed in the website, a concept known as WYSIWYG — what you see is what you get.

Forms without any validation do not make much sense nowadays. For this reason, the system extension supports rich validation and filter rules, such as ensuring email addresses are entered in email fields, marking fields as required or forcing fields to contain only alpha-numeric characters. Strings can be bound to minimum and maximum lengths and username fields can be automatically converted to lower-case letters upon saving.

This new Form content element is a complete rewrite and enhancement of the Form content element you may have used in the past. It is a great step forward and also paves the way for future enhancements.

Security

For new installations, the two security system extensions “saltedpasswords” and “rsaauth” are now automatically activated and used if the necessary server requirements are met.

Users upgrading to TYPO3 4.6 are strongly advised to manually enable these extensions in order to strengthen the security of their website.

Salted passwords

By using this extension, the administrator ensures that plain text passwords or MD5 passwords hashes are no longer used for user records in TYPO3. MD5 hashes are no longer safe to use for passwords as they can very quickly and easily be broken using rainbow tables. This extension adds a few random characters (called salt) to the password. With salted passwords, an attacker needs to create separate rainbow tables for each salt. As the salt itself is different for each password hash in TYPO3, retrieving a plain text password becomes really expensive and quite impracticable.

RSA authentication

TYPO3 installations often do not use SSL (https:// connection) when authenticating users. This extension adds encrypted authentication for Frontend and Backend logins to TYPO3. It uses one time-generated public and private key pairs, thus ensuring the passwords are encrypted each time with a new public key before being transferred to the server over the network.

Performance

The Caching Framework that was introduced in TYPO3 4.3 has been reworked and optimized and is now used internally by the Core itself. This opens a lot of options for administrators to speed up response time as cache data can be stored in memory by relying on services like Memcached or Redis instead of the default MySQL database.

In the Backend, JavaScript files are now concatenated into a single file, which reduces the number of requests to the server by up to 66%. Similarly, in the Frontend, concatenation and minification of both JavaScript and CSS now takes place on the fly. This is of benefit to the site integrators who no longer have to rely on manual processes or 3rd-party libraries to reduce loading time and provide the best user-experience for their websites.

Finally, Fluid templates are now compiled to PHP files. This drastically speeds up the rendering process by a factor 2-5x and reduces memory consumption as well.

Extension Manager

We identified usability flaws and a number of bugs in the “new” Extension Manager available since TYPO3 4.5 LTS and fixed them before declaring the old Extension Manager obsolete and making the ExtJS-based Extension Manager the only official module to manage extensions and update localization files.

Tabs have been reorganized, and filters and commands have been moved around to better suit the traditional workflow of managing extensions.

The Language Packages tab has been enhanced to take the locale hierarchy (both built-in and user-defined) into account when localization updates are retrieved.

Live search

The Backend search has been highly optimized:

It searches only in meaningful fields

It does not search strings within numeric fields anymore

It restricts search to meaningful tables

It is no longer restricted to only the first 4 levels deep in the page tree

Extbase / Fluid

What started as a backport of TYPO3 Flow concepts to TYPO3 CMS has grown up and matured since becoming part of the Core in TYPO3 4.3. In fact, TYPO3 Extbase and the templating engine TYPO3 Fluid are considered professional frameworks and are currently being used more and more by the TYPO3 Core itself (e.g. the system extension workspaces).

For TYPO3 4.6, the Extbase and Fluid team integrated and thoroughly tested much more than “only” the previously mentioned performance boost. The last bits of code to make Extbase feature-complete include:

New Property Mapper

The property mapper takes care of injecting database values and relations to and from the corresponding domain model. This is a central part of an MVC framework and we benefit here from the TYPO3 Flow's completely rewritten layer which has been backported to Extbase.

Signal / Slot

This pattern available in all modern programming languages is another feature backported from TYPO3 Flow. It provides a future-proof alternative to the hooks.

“Oh wait, there's more...” - Further changes in TYPO3 4.6

Sliders for TCA

A new wizard for select fields as well as input fields for times, integers and doubles has been added.

Precise publishing dates

Editors can now set the publishing date for pages and elements using both date and time values, all the way down to the minute.

Enhanced .stdWrap

The TypoScript swiss army knife feature “stdWrap” now comes with several new helpful methods. For example, integrators can now use .round to round floats and .hash for generating md5 or sha1 out of their content. Another example is how easy it is now to pick random elements from a list.

Scheduler tasks

New Scheduler tasks have been added, which help with common housekeeping on a TYPO3 installation. The Scheduler task “Table garbage collection” can be used to delete old data from ever-growing tables like the log tables. Another task, “Fileadmin recycler garbage collection”, takes care of deleting old files from _recycler_ directories, after a configurable grace period.

ENABLE_INSTALL_TOOL

This special file, used in the past to grant access to the Install Tool, does not need to be generated manually any longer. The command to create it from the administrator's User Settings has now been moved to the Install Tool module itself. In fact, opening this module in the Backend as an administrator now automatically triggers the creation of this file, which saves administrators a few clicks.

Advanced handling of cookies

It is now possible to configure separate cookie names for the Frontend and the Backend. This is particularly useful when working with several installations on the same domain.

Internationalized Domain Names (IDN)

A new library can be found in typo3/contrib/idna/ and is used to encode and decode internationalized domain names (containing special characters like umlauts and other diacritics) to and from punycode.

Marker-based templates

Developers who have not yet switched to Fluid templating can now nest subparts in TYPO3 templates much more easily than before.

Relocated t3d exports

Packages in a .t3d format exported by the import/export extension are now stored in fileadmin/_temp_ by default. Access to this directory is automatically restricted by default .htaccess rules.

Before you upgrade...

In order to make TYPO3 4.6 a clean base for further development, new requirements have been introduced and you should ensure you meet them all before planning to upgrade your existing websites.

PHP 5.3

PHP 5.3.0 or above is now required to run TYPO3 4.6. PHP 5.3 has been released for more than two years and is now available on all stable Linux distributions as well as on current operating systems such as MS Windows Server.

This allows TYPO3 to take advantage of a powerful set of features to make it cleaner and better and to ease keeping TYPO3 Fluid and the Caching Framework in sync with the development of TYPO3 Flow.

Internet Explorer 6

Support for Internet Explorer 6 has been dropped in the Backend. Extended support for MS Windows XP (and thus Internet Explorer 6) is still available through TYPO3 4.5 LTS until its end of life in April 2014.

For TYPO3 4.6, we decided to finally drop support for this old browser. This decision allows us to use more modern HTML and CSS code and get rid of some JavaScript oddities.

TYPO3 4.6 Download and TYPO3 4.7 Planning

You can choose to download the introduction package with a guided installation and a default template, the dummy package without any preconfigurations or the TYPO3 source from the Download page.

The development of TYPO3 does not end with TYPO3 4.6 --rebase! In only 6 months, the next version of the TYPO3 4.x branch will include new features such as enhanced accessibility output, a File Abstraction Layer (FAL) and lots of other ideas from you in the TYPO3 community. TYPO3 4.7 is planned to be released in April 2012.

At this point, we want to thank everyone who participated in making this release so stable, safe, fast and enriched by many nice features. This is the perfect combination of a never ending work on our CMS that makes it so great and the ideal choice for successful and professional projects.